Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0066)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0066

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0066)

Resumen: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0066 advisory.

Descripción: Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0066 advisory.

Vulnerability Insight:
Updated krb5 packages fix security vulnerabilities:

Incorrect memory management in the libgssapi_krb5 library might result in
denial of service or the execution of arbitrary code (CVE-2014-5352).

Incorrect memory management in kadmind's processing of XDR data might result
in denial of service or the execution of arbitrary code (CVE-2014-9421).

Incorrect processing of two-component server principals might result in
impersonation attacks (CVE-2014-9422).

An information leak in the libgssrpc library (CVE-2014-9423).

Affected Software/OS:
'krb5' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-5352
BugTraq ID: 72495
http://www.securityfocus.com/bid/72495
Debian Security Information: DSA-3153 (Google Search)
http://www.debian.org/security/2015/dsa-3153
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
SuSE Security Announcement: SUSE-SU-2015:0257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://www.ubuntu.com/usn/USN-2498-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9421
BugTraq ID: 72496
http://www.securityfocus.com/bid/72496
Common Vulnerability Exposure (CVE) ID: CVE-2014-9422
BugTraq ID: 72494
http://www.securityfocus.com/bid/72494
Common Vulnerability Exposure (CVE) ID: CVE-2014-9423
BugTraq ID: 72503
http://www.securityfocus.com/bid/72503

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0066
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0066)
Resumen:	The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0066 advisory.
Descripción:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0066 advisory. Vulnerability Insight: Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352). Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code (CVE-2014-9421). Incorrect processing of two-component server principals might result in impersonation attacks (CVE-2014-9422). An information leak in the libgssrpc library (CVE-2014-9423). Affected Software/OS: 'krb5' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5352 BugTraq ID: 72495 http://www.securityfocus.com/bid/72495 Debian Security Information: DSA-3153 (Google Search) http://www.debian.org/security/2015/dsa-3153 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html RedHat Security Advisories: RHSA-2015:0794 http://rhn.redhat.com/errata/RHSA-2015-0794.html SuSE Security Announcement: SUSE-SU-2015:0257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html http://www.ubuntu.com/usn/USN-2498-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-9421 BugTraq ID: 72496 http://www.securityfocus.com/bid/72496 Common Vulnerability Exposure (CVE) ID: CVE-2014-9422 BugTraq ID: 72494 http://www.securityfocus.com/bid/72494 Common Vulnerability Exposure (CVE) ID: CVE-2014-9423 BugTraq ID: 72503 http://www.securityfocus.com/bid/72503
Copyright	Copyright (C) 2022 Greenbone AG